semantic-pr
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data from git commit logs, diffs, and local filesystem PR templates to build the PR content.
  - Ingestion points: SKILL.md reads commit history using git log, diff stats via git diff, and local template files like .github/pull_request_template.md.
  - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the ingested commit messages or templates.
  - Capability inventory: The skill has the ability to write to the repository using gh pr create and gh pr edit.
  - Sanitization: The skill does not perform any sanitization or validation of the text retrieved from git or the templates before incorporating it into the final PR generated by the agent.
- [COMMAND_EXECUTION]: The skill defines a workflow that executes shell commands using git and the GitHub CLI (gh). While these are necessary for its functionality, the parameters for these commands are derived from untrusted repository content (commits and templates) and user input.
Audit Metadata